495019c56173709f29bca35b101b8e06724df84075fc42bf8f76e772f0ec1c65

Analysis

max time kernel
107s
max time network
72s
platform
windows7_x64
resource
win7-20231215-es
resource tags

arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows
submitted
30/12/2023, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing.exe
Size

625KB
MD5

336e99598680dafe383075171e03514c
SHA1

71674f9da0c61bc8a25cff3a2dc5467e62add018
SHA256

7add9772a39b830fab3e7696ae00523bb2046383d4c19f7df5d107e9a8174e5c
SHA512

7adc5326921a43a89aea4573917b9af36455e4fa4d03c862e6ce933704062618060744687377a962938f9b4dca2e19a43a92802786eade9a092ab1b9e3ef47a5
SSDEEP

3072:kVlAZX7pQWDRub+S1xZcrvfNGlbTS8leKZHLvNAzRIM/XTHlFvwkC0YVvrmspch3:kVls9uueVFCP

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1516	AUDIODG.EXE
Token: 33	1516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1516	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2668	Office Sharing.exe
2668	Office Sharing.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 3048	2668	Office Sharing.exe	29
PID 2668 wrote to memory of 3048	2668	Office Sharing.exe	29
PID 2668 wrote to memory of 3048	2668	Office Sharing.exe	29
PID 2668 wrote to memory of 3048	2668	Office Sharing.exe	29

C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\Office Sharing.exe
"C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\Office Sharing.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\UnityCrashHandler32.exe
  "C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\UnityCrashHandler32.exe" --attach 2668 1118208
  2⤵
  PID:3048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-0-0x0000000000350000-0x0000000000360000-memory.dmp

Filesize
64KB

Download
memory/2668-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2668-2-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/2668-3-0x00000000061D0000-0x00000000061E0000-memory.dmp

Filesize
64KB

Download
memory/2668-20-0x00000000063F0000-0x0000000006400000-memory.dmp

Filesize
64KB

Download
memory/2668-21-0x0000000000350000-0x0000000000360000-memory.dmp

Filesize
64KB

Download
memory/2668-22-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2668-23-0x0000000006500000-0x0000000006510000-memory.dmp

Filesize
64KB

Download
memory/2668-24-0x0000000006580000-0x00000000065A0000-memory.dmp

Filesize
128KB

Download
memory/2668-25-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/2668-26-0x00000000FFED0000-0x00000000FFEE0000-memory.dmp

Filesize
64KB

Download
memory/2668-30-0x00000000FFEE0000-0x00000000FFEF0000-memory.dmp

Filesize
64KB

Download
memory/2668-43-0x00000000061D0000-0x00000000061E0000-memory.dmp

Filesize
64KB

Download
memory/2668-44-0x0000000006A30000-0x0000000006A40000-memory.dmp

Filesize
64KB

Download
memory/2668-45-0x00000000063F0000-0x0000000006400000-memory.dmp

Filesize
64KB

Download
memory/2668-46-0x0000000006500000-0x0000000006510000-memory.dmp

Filesize
64KB

Download
memory/2668-47-0x0000000006D10000-0x0000000006D20000-memory.dmp

Filesize
64KB

Download
memory/2668-48-0x0000000006580000-0x00000000065A0000-memory.dmp

Filesize
128KB

Download
memory/2668-49-0x0000000006E70000-0x0000000006E80000-memory.dmp

Filesize
64KB

Download
memory/2668-50-0x0000000006E80000-0x0000000006E90000-memory.dmp

Filesize
64KB

Download
memory/2668-55-0x0000000007D50000-0x0000000007D60000-memory.dmp

Filesize
64KB

Download
memory/2668-51-0x0000000007070000-0x0000000007080000-memory.dmp

Filesize
64KB

Download
memory/2668-58-0x0000000008320000-0x0000000008330000-memory.dmp

Filesize
64KB

Download
memory/2668-61-0x0000000008370000-0x0000000008380000-memory.dmp

Filesize
64KB

Download
memory/2668-62-0x00000000FFE00000-0x00000000FFE10000-memory.dmp

Filesize
64KB

Download
memory/2668-65-0x00000000FFED0000-0x00000000FFEE0000-memory.dmp

Filesize
64KB

Download
memory/2668-68-0x00000000FFEE0000-0x00000000FFEF0000-memory.dmp

Filesize
64KB

Download
memory/2668-83-0x00000000FFDF0000-0x00000000FFE00000-memory.dmp

Filesize
64KB

Download
memory/2668-108-0x00000000FFDB0000-0x00000000FFDC0000-memory.dmp

Filesize
64KB

Download
memory/2668-112-0x00000000FFDC0000-0x00000000FFDD0000-memory.dmp

Filesize
64KB

Download
memory/2668-197-0x00000000FFC20000-0x00000000FFC40000-memory.dmp

Filesize
128KB

Download
memory/2668-198-0x00000000FFCD0000-0x00000000FFCE0000-memory.dmp

Filesize
64KB

Download
memory/2668-201-0x00000000FFC80000-0x00000000FFCA0000-memory.dmp

Filesize
128KB

Download
memory/2668-218-0x00000000FFBD0000-0x00000000FFBF0000-memory.dmp

Filesize
128KB

Download
memory/2668-222-0x00000000FFBA0000-0x00000000FFBB0000-memory.dmp

Filesize
64KB

Download
memory/2668-267-0x00000000FFAD0000-0x00000000FFAF0000-memory.dmp

Filesize
128KB

Download
memory/2668-272-0x00000000FFBF0000-0x00000000FFC10000-memory.dmp

Filesize
128KB

Download
memory/2668-271-0x00000000FFB40000-0x00000000FFB60000-memory.dmp

Filesize
128KB

Download
memory/2668-275-0x00000000FFAF0000-0x00000000FFB10000-memory.dmp

Filesize
128KB

Download
memory/2668-279-0x00000000FFD30000-0x00000000FFD40000-memory.dmp

Filesize
64KB

Download
memory/2668-296-0x00000000FFD40000-0x00000000FFD50000-memory.dmp

Filesize
64KB

Download
memory/2668-299-0x00000000FFAC0000-0x00000000FFAD0000-memory.dmp

Filesize
64KB

Download
memory/2668-316-0x00000000FFA90000-0x00000000FFAA0000-memory.dmp

Filesize
64KB

Download
memory/2668-322-0x00000000FFD50000-0x00000000FFD60000-memory.dmp

Filesize
64KB

Download
memory/2668-321-0x00000000FFAA0000-0x00000000FFAB0000-memory.dmp

Filesize
64KB

Download
memory/2668-325-0x00000000FFDA0000-0x00000000FFDB0000-memory.dmp

Filesize
64KB

Download
memory/2668-327-0x00000000FFA80000-0x00000000FFA90000-memory.dmp

Filesize
64KB

Download
memory/2668-328-0x00000000FFB80000-0x00000000FFBA0000-memory.dmp

Filesize
128KB

Download
memory/2668-334-0x0000000006A30000-0x0000000006A40000-memory.dmp

Filesize
64KB

Download
memory/2668-335-0x0000000006D10000-0x0000000006D20000-memory.dmp

Filesize
64KB

Download
memory/2668-336-0x0000000006E70000-0x0000000006E80000-memory.dmp

Filesize
64KB

Download
memory/2668-337-0x0000000006E80000-0x0000000006E90000-memory.dmp

Filesize
64KB

Download
memory/2668-338-0x0000000007070000-0x0000000007080000-memory.dmp

Filesize
64KB

Download
memory/2668-339-0x0000000007D50000-0x0000000007D60000-memory.dmp

Filesize
64KB

Download
memory/2668-340-0x0000000008320000-0x0000000008330000-memory.dmp

Filesize
64KB

Download
memory/2668-341-0x0000000008370000-0x0000000008380000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads